CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16794

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.2%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 5.0

References

Products affected by CVE-2018-16794

Microsoft » Active Directory Federation Services » Version: 1.0

cpe:2.3:a:microsoft:active_directory_federation_services:1.0
Microsoft » Active Directory Federation Services » Version: 1.1

cpe:2.3:a:microsoft:active_directory_federation_services:1.1
Microsoft » Active Directory Federation Services » Version: 2.0

cpe:2.3:a:microsoft:active_directory_federation_services:2.0
Microsoft » Active Directory Federation Services » Version: 2.1

cpe:2.3:a:microsoft:active_directory_federation_services:2.1
Microsoft » Active Directory Federation Services » Version: 4.0

cpe:2.3:a:microsoft:active_directory_federation_services:4.0
Microsoft » Windows Server 2016 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2016:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16794

Products

Pricing

Contact Us